The server and some of the default applications are patched for privilege separation and other enhancements, and OpenBSD provides an "aperture" driver to limit X's access to memory. However, after recent work on X security flaws by Loïc Duflot, Theo de Raadt commented that the aperture driver was merely "the best we can do" and that X "violates all the security models you will hear of in a university class."

Hello, I'm new here. Anyway, I was looking at this and wondering, basically, how good is "the best we can do" in a practical sense? Are there better alternatives to run on OpenBSD, or should I just not use anything like that at all?

The project mailing lists are some of the best sources for definitive information on OpenBSD. http://marc.info is one of the archive sites that a number of people here prefer. Others are mentioned at the following:

Pick a hardware platform that doesn't have the aperture issue/need the aperture driver, or don't run X.

The first link by ocicat is a very direct answer on the topic that I was going to link until I noticed that ocicat beat me to it. And speaking of that particular thread, does anyone know if the Loongson machines (that had OpenBSD ported to them long after that thread) require the aperture driver? I know the Loongson is basically a fancy-ish MIPS port, but I wanted to check and see if anyone here knew for sure before I ordered one.